Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 14

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1451

Question

An organization has established three IT processing environments: development, test, and production. The MAJOR reason for separating the development and test environments is to:

A. obtain segregation of duties between IT staff and end users.
B. limit the users’ access rights to the test environment.
C. perform testing in a stable environment.
D. protect the programs under development from unauthorized testing.

Answer

C. perform testing in a stable environment.

CISA Question 1452

Question

During the evaluation of a firm’s newly established whistleblower system, an auditor notes several findings. Which of the following should be the auditor’s
GREATEST concern?

A. New employees have not been informed of the whistleblower policy.
B. The whistleblower’s privacy is not protected.
C. The whistleblower system does not track the time and date of submission.
D. The whistleblower system is only available during business hours.

Answer

B. The whistleblower’s privacy is not protected.

CISA Question 1453

Question

Which of the following methods would be MOST effective in verifying that all changes have been authorized?

A. Reconciling problem tickets with authorized change control entries
B. Reconciling reports of changes in production libraries to authorized change log entries
C. Validating authorized change log entries with individual(s) who promoted into production
D. Reconciling reports of changes in development libraries to supporting documentation

Answer

C. Validating authorized change log entries with individual(s) who promoted into production

CISA Question 1454

Question

An organization is replacing its financial processing system. To help ensure that transactions in the new system are processed accurately, which of the following is MOST appropriate?

A. Compare year-to-date balances between the systems.
B. Reconcile results of parallel processing.
C. Document and test internal controls over the conversion.
D. Review data file conversion procedures.

Answer

B. Reconcile results of parallel processing.

CISA Question 1455

Question

During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the auditee has implemented a manual workaround that addresses the identified risk, through far less efficiency than the recommended action would. Which of the following would be the auditor’s BEST course of action?

A. Notify management that the risk has been addressed and take no further action.
B. Escalate the remaining issue for further discussion and resolution.
C. Note that the risk has been addressed and notify management of the inefficiency.
D. Insist to management that the original recommendation be implemented.

Answer

C. Note that the risk has been addressed and notify management of the inefficiency.

CISA Question 1456

Question

Which of the following should be an IS auditor’s PRIMARY focus when developing a risk-based IS audit program?

A. Business plans
B. Business processes
C. IT strategic plans
D. Portfolio management

Answer

C. IT strategic plans

CISA Question 1457

Question

Which of the following is the MOST effective way to maintain network integrity when using mobile devices?

A. Perform network reviews.
B. Implement network access control.
C. Implement outbound firewall rules.
D. Review access control lists.

Answer

B. Implement network access control.

CISA Question 1458

Question

An IS auditor is assessing the results of an organization’s post-implementation review of a newly developed information system. Which of the following should be the auditor’s MAIN focus?

A. The procurement contract has been closed.
B. Lessons learned have been identified.
C. The disaster recovery plan has been updated.
D. Benefits realization analysis has been completed.

Answer

C. The disaster recovery plan has been updated.

CISA Question 1459

Question

Which of the following is the MOST significant risk when an application uses individual end user accounts to access the underlying database?

A. User accounts may remain active after a termination.
B. Multiple connects to the database are used and slow the process.
C. Application may not capture a complete audit trail.
D. Users may be able to circumvent application controls.

Answer

A. User accounts may remain active after a termination.

CISA Question 1460

Question

Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?

A. Traditional application documentation is typically less comprehensive than EUC application documentation.
B. Traditional applications require roll-back procedures whereas EUC applications do not.
C. Traditional applications require periodic patching whereas EUC applications do not.
D. Traditional application input controls are typically more robust than EUC application input controls

Answer

C. Traditional applications require periodic patching whereas EUC applications do not.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker